To avoid download time, add the box using a local image.
vagrant box add --name atomic-f26 \ Fedora-Atomic-Vagrant-26-1.5.x86_64.vagrant-virtualbox.box
Clone the git repository with this text and the vagrant configuration for the Atomic Host lab.
git clone https://github.com/markllama/lisa17 cd lisa17/atomic-vagrant export VAGRANT_DEFAULT_PROVIDER=virtualbox
$ vagrant status Current machine states: atomic-01 not created (virtualbox) atomic-02 not created (virtualbox) atomic-03 not created (virtualbox) This environment represents multiple VMs. The VMs are all listed above with their current state. For more information about a specific VM, run 'vagrant status NAME'. $ vagrant up
Once the instances are up, create three windows using tabs, or tmux and log in to the first one.
vagrant ssh atomic-01
Log into atomic-02 and atomic-03 in the same way.
A template for the etcd.conf is provided in sync/etcd.conf.template. A simple sed line will replace the values needed for each host.
# [member]
ETCD_NAME=atomic-0{HOSTNUM}
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://172.17.8.10{HOSTNUM}:2380"
ETCD_LISTEN_CLIENT_URLS="http://127.0.0.1:2379,http://172.17.8.10{HOSTNUM}:2379"
# [cluster]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.17.8.10{HOSTNUM}:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="http://172.17.8.10{HOSTNUM}:2379"
ETCD_INITIAL_CLUSTER="atomic-01=http://172.17.8.101:2380,atomic-02=http://172.17.8.102:2380,atomic-03=http://172.17.8.103:2380"
#[security]
#ETCD_CERT_FILE=""
#ETCD_KEY_FILE=""
#ETCD_CLIENT_CERT_AUTH="false"
#ETCD_TRUSTED_CA_FILE=""
#ETCD_AUTO_TLS="false"
#ETCD_PEER_CERT_FILE=""
#ETCD_PEER_KEY_FILE=""
#ETCD_PEER_CLIENT_CERT_AUTH="false"
#ETCD_PEER_TRUSTED_CA_FILE=""
#ETCD_PEER_AUTO_TLS="false"
In this simple environment you only need to set the host number in the member and cluster sections. We’re ignoring security for this lab.
To prepare and start the etcd on the first instance, run the command below.
The systemctl start will block waiting to form a cluster.
sed 's/{HOSTNUM}/1/' sync/etcd.conf.template > etcd.conf
sudo cp etcd.conf /etc/etcd/
sudo systemctl start etcd
Note the HOSTUM replacement. Do the same thing on atomic-02 and
atomic-03 as well, replacint "1" with "2" and "3" for each host.
sed 's/{HOSTNUM}/2/' sync/etcd.conf.template > etcd.conf
sudo cp etcd.conf /etc/etcd/
sudo systemctl start etcd
When you start the second etcd, the cluster will begin to form and the
first systemctl will unblock and complete. When automating, if sync
is not needed, add the --no-block switch to proceed.
When all three are started, check the status of the cluster with the etcdctl member list command.
etcdctl member list 25d6ce33763c5524: name=atomic-02 peerURLs=http://172.17.8.102:2380 clientURLs=http://172.17.8.102:2379 isLeader=false 6ae27f9fa2984b1d: name=atomic-01 peerURLs=http://172.17.8.101:2380 clientURLs=http://172.17.8.101:2379 isLeader=true ff32f4b39b9c47bd: name=atomic-03 peerURLs=http://172.17.8.103:2380 clientURLs=http://172.17.8.103:2379 isLeader=false
Add a key/value to the etcd database. Run the add operation on atomic-01
[vagrant@atomic-01 ~]$ etcdctl set /test/value '{"test": "value0"}'{"test": "value0"}
The key and value should be visible from all three hosts.
[vagrant@atomic-03 ~]$ etcdctl get /test/value
{"test": "value0"}
Set, get and update keys this way.
Etcd can also block waiting for changes or watching on a key.
On atomic-03 watch the /test/value key.
[vagrant@atomic-03 ~]$ etcdctl watch /test/value # blocks
Set a new value from atomic_02.
[vagrant@atomic-02 ~]$ etcdctl set /test/value '{"test": "value1"}'
{"test": "value1"}
The client on atomic-03 unblocks and returns the new value.
[vagrant@atomic-03 ~]$ etcdctl watch /test/value # unblocked
{"test": "value1"}
The flannel configuration consists of two parts. The service configuration is stored in etcd. The flanneld on each node must be configured to find the configuration, (by default, localhost). In this case, it must also be configured to use the eth1 interface and to do NAT for IP addresses inside the SDN
The flanneld also writes modifications for the Docker daemon. After the flannel SDN is operating, the docker service must restart on all nodes.
[vagrant@atomic-01 ~]$ etcdctl set /atomic.io/network/config \
'{"Network": "172.24.0.0/16", "Backend": {"Type": "vxlan"}}'
{"Network": "172.24.0.0/16", "Backend": {"Type": "vxlan"}}
Flannel must use the alternate IP interface and do IP masquarading (NAT) at the border. Once the flanneld starts, it generates a config modification for Docker. This instructs the dockerd to use the flannel network. Finally iptables must have a policy of accepting forwarded packets from the flanneld.
Run these commands on each of the instances.
sudo sed -i '$aFLANNEL_OPTIONS="--ip-masq=true --iface=eth1"' /etc/sysconfig/flanneld sudo systemctl start flanneld sudo systemctl restart docker sudo iptables -P FORWARD ACCEPT
Now containers running on any host should have access to the networks of any container in the cluster. To test, create a container running a simple web server and try accessing it from containers on one of the other hosts.
[atomic-01]$ sudo docker pull fedora [atomic-01]$ sudo docker run -d --name webserver fedora python3 -m http.server
Now inspect the container to find the IP address
[atomic-01]$ sudo docker inspect webserver --format '{{.NetworkSettings.IPAddress}}'
172.44.28.2
The Python3 http.server is a simple web server that returns files in the current working directory where the daemon is started.
[atomic-01]$ curl http://172.44.28.2:8000 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> ...
Log into atomic-03 and try the same test. The create a container and test from there.
[atomic-03]$ sudo docker pull fedora [atomic-03]$ sudo docker run -it --rm fedora [root@25be96d25a6b /]# curl http://172.44.5.2:8000 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> ...
Now that you’ve seen how this works manually, you can work with it. When you’re finished you can tear it down and rebuild it automatically.
Back out of the atomic hosts and use vagrant to remove the instances.
vagrant destroy --force
Edit the Vagrantfile and set the configuration switches for etcd and flannel
to true.
sed '-i /configure_/s/false/true/' Vagrantfile
When these are set, Vagrant will use script provisioning to initialize etcd and flannel.